Commit
d98f7e33
authored
Jun 12, 2019
by
Sietse Ringers
Merge branch 'master' into condiscon
parents
a0660056
7a4a04f9
Changes
6
descriptions.go
...
...
@@ -18,6 +18,7 @@ type SchemeManager struct {
URL
string
`xml:"Url"`
Contact
string
`xml:"contact"`
Description
TranslatedString
MinimumAppVersion
SchemeAppVersion
KeyshareServer
string
KeyshareWebsite
string
KeyshareAttribute
string
...
...
@@ -32,6 +33,11 @@ type SchemeManager struct {
index
SchemeManagerIndex
}
type
SchemeAppVersion
struct
{
Android
int
`xml:"Android"`
IOS
int
`xml:"iOS"`
}
// Issuer describes an issuer.
type
Issuer
struct
{
ID
string
`xml:"ID"`
...
...
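Review bot: The new exported type `SchemeAppVersion` has no doc comment, and neither it nor the `MinimumAppVersion` field on `SchemeManager` says what the integers mean or how a zero value is treated, although the `Issuer` type right below is documented. A minimum app version is presumably there to keep outdated clients from using the scheme, so the unset case should be stated explicitly; I would add something like `// SchemeAppVersion holds the minimum app version per platform that a scheme requires; TODO: document how an unset (0) value is treated.` Which lines are additions is inferred from the hunk counts, because the rendered page lost the +/- markers. The `SchemeManager` struct body continues outside the visible hunks.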
internal/servercore/api.go
...
...
@@ -111,8 +111,8 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
}
for
_
,
file
:=
range
files
{
filename
:=
file
.
Name
()
if
filepath
.
Ext
(
filename
)
!=
".xml"
&&
strings
.
Count
(
filename
,
"."
)
!=
3
{
s
.
conf
.
Logger
.
Infof
(
"Skipping non-private key file
%s
encountered in private keys path"
,
filename
)
if
filepath
.
Ext
(
filename
)
!=
".xml"
||
filename
[
0
]
==
'.'
||
strings
.
Count
(
filename
,
"."
)
!=
2
{
s
.
conf
.
Logger
.
WithField
(
"file"
,
filename
)
.
Infof
(
"Skipping non-private key file encountered in private keys path"
)
continue
}
issid
:=
irma
.
NewIssuerIdentifier
(
strings
.
TrimSuffix
(
filename
,
filepath
.
Ext
(
filename
)))
// strip .xml
...
...
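Review bot: The rewritten filter in verifyConfiguration accepts any name that ends in `.xml`, has exactly two dots and does not start with a dot, so a file such as `a..xml` (constructed example) passes and reaches `irma.NewIssuerIdentifier` as `a.`, with an empty second component. Since this loop decides which files in the private keys path are treated as issuer private keys, I would validate the components explicitly, e.g. `parts := strings.Split(filename, ".")` followed by `if len(parts) != 3 || parts[0] == "" || parts[1] == "" || parts[2] != "xml" {`. A skipped file is also only logged at info level, so a misnamed private key is easy to miss; a warning may be more appropriate. Whether later code rejects a malformed identifier cannot be seen here, as the loop body continues outside the hunk.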
irmaclient/client.go
...
...
@@ -838,7 +838,7 @@ func (client *Client) keyshareEnrollWorker(managerID irma.SchemeManagerIdentifie
}
transport
:=
irma
.
NewHTTPTransport
(
manager
.
KeyshareServer
)
kss
,
err
:=
newKeyshareServer
(
managerID
,
manager
.
KeyshareServer
)
kss
,
err
:=
newKeyshareServer
(
managerID
)
if
err
!=
nil
{
return
err
}
...
...
@@ -882,7 +882,7 @@ func (client *Client) KeyshareVerifyPin(pin string, schemeid irma.SchemeManagerI
}
}
kss
:=
client
.
keyshareServers
[
schemeid
]
return
verifyPinWorker
(
pin
,
kss
,
irma
.
NewHTTPTransport
(
kss
.
URL
))
return
verifyPinWorker
(
pin
,
kss
,
irma
.
NewHTTPTransport
(
scheme
.
KeyshareServer
))
}
func
(
client
*
Client
)
KeyshareChangePin
(
manager
irma
.
SchemeManagerIdentifier
,
oldPin
string
,
newPin
string
)
{
...
...
@@ -900,7 +900,7 @@ func (client *Client) keyshareChangePinWorker(managerID irma.SchemeManagerIdenti
return
errors
.
New
(
"Unknown keyshare server"
)
}
transport
:=
irma
.
NewHTTPTransport
(
kss
.
URL
)
transport
:=
irma
.
NewHTTPTransport
(
client
.
Configuration
.
SchemeManagers
[
managerID
]
.
KeyshareServer
)
message
:=
keyshareChangepin
{
Username
:
kss
.
Username
,
OldPin
:
kss
.
HashedPin
(
oldPin
),
...
...
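Review bot: In keyshareChangePinWorker the transport URL is now read with `client.Configuration.SchemeManagers[managerID].KeyshareServer`, an unchecked map index; if the scheme is missing from the configuration while a keyshare server entry still exists for it, this yields the zero value and, if the map holds pointers (not visible here), a nil dereference. The only guard visible in the hunk is the `Unknown keyshare server` return just above, which appears to cover the keyshare server lookup rather than the scheme. I would look the scheme up first with `scheme, ok := client.Configuration.SchemeManagers[managerID]`, return an error when `!ok`, and pass `scheme.KeyshareServer` to `irma.NewHTTPTransport`. The same question applies to how `manager` and `scheme` are obtained in keyshareEnrollWorker and KeyshareVerifyPin, which start outside their hunks. Because the hashed PIN now goes to whatever URL the current scheme lists instead of the one stored at enrollment, a comment stating that this relies on the scheme being verified before use would help.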
irmaclient/keyshare.go
...
...
@@ -54,7 +54,6 @@ type keyshareSession struct {
}
type
keyshareServer
struct
{
URL
string
`json:"url"`
Username
string
`json:"username"`
Nonce
[]
byte
`json:"nonce"`
SchemeManagerIdentifier
irma
.
SchemeManagerIdentifier
...
...
@@ -127,13 +126,9 @@ const (
kssPinError
=
"error"
)
func
newKeyshareServer
(
schemeManagerIdentifier
irma
.
SchemeManagerIdentifier
,
url
string
,
)
(
ks
*
keyshareServer
,
err
error
)
{
func
newKeyshareServer
(
schemeManagerIdentifier
irma
.
SchemeManagerIdentifier
)
(
ks
*
keyshareServer
,
err
error
)
{
ks
=
&
keyshareServer
{
Nonce
:
make
([]
byte
,
32
),
URL
:
url
,
SchemeManagerIdentifier
:
schemeManagerIdentifier
,
}
_
,
err
=
rand
.
Read
(
ks
.
Nonce
)
...
...
@@ -194,12 +189,13 @@ func startKeyshareSession(
}
for
managerID
:=
range
session
.
Identifiers
()
.
SchemeManagers
{
if
!
ks
.
conf
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
scheme
:=
ks
.
conf
.
SchemeManagers
[
managerID
]
if
!
scheme
.
Distributed
()
{
continue
}
ks
.
keyshareServer
=
ks
.
keyshareServers
[
managerID
]
transport
:=
irma
.
NewHTTPTransport
(
ks
.
k
eyshareServer
.
URL
)
transport
:=
irma
.
NewHTTPTransport
(
scheme
.
K
eyshareServer
)
transport
.
SetHeader
(
kssUsernameHeader
,
ks
.
keyshareServer
.
Username
)
transport
.
SetHeader
(
kssAuthHeader
,
"Bearer "
+
ks
.
keyshareServer
.
token
)
transport
.
SetHeader
(
kssVersionHeader
,
"2"
)
...
...
@@ -372,7 +368,8 @@ func (ks *keyshareSession) GetCommitments() {
comms
:=
&
proofPCommitmentMap
{}
err
:=
transport
.
Post
(
"prove/getCommitments"
,
comms
,
pkids
[
managerID
])
if
err
!=
nil
{
if
err
.
(
*
irma
.
SessionError
)
.
RemoteError
.
Status
==
http
.
StatusForbidden
&&
!
ks
.
pinCheck
{
if
err
.
(
*
irma
.
SessionError
)
.
RemoteError
!=
nil
&&
err
.
(
*
irma
.
SessionError
)
.
RemoteError
.
Status
==
http
.
StatusForbidden
&&
!
ks
.
pinCheck
{
// JWT may be out of date due to clock drift; request pin and try again
// (but only if we did not ask for a PIN earlier)
ks
.
pinCheck
=
false
...
...
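Review bot: The condition in GetCommitments now guards against a nil `RemoteError`, but it still performs the unchecked type assertion `err.(*irma.SessionError)` twice, which panics if `transport.Post` ever returns an error of another type. The comma-ok form avoids both the panic and the repetition: `if serr, ok := err.(*irma.SessionError); ok && serr.RemoteError != nil && serr.RemoteError.Status == http.StatusForbidden && !ks.pinCheck {`. Whether Post can return other error types is not visible in this hunk, so treat this as hardening. GetCommitments starts and ends outside the hunk.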
irmaconfig.go
...
...
@@ -1279,13 +1279,21 @@ func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downl
return
}
func
(
conf
*
Configuration
)
updateSchemes
()
error
{
func
(
conf
*
Configuration
)
UpdateSchemes
()
error
{
updated
:=
IrmaIdentifierSet
{
SchemeManagers
:
map
[
SchemeManagerIdentifier
]
struct
{}{},
Issuers
:
map
[
IssuerIdentifier
]
struct
{}{},
CredentialTypes
:
map
[
CredentialTypeIdentifier
]
struct
{}{},
}
for
id
:=
range
conf
.
SchemeManagers
{
Logger
.
WithField
(
"scheme"
,
id
)
.
Info
(
"Auto-updating scheme"
)
if
err
:=
conf
.
UpdateSchemeManager
(
id
,
nil
);
err
!=
nil
{
if
err
:=
conf
.
UpdateSchemeManager
(
id
,
&
updated
);
err
!=
nil
{
return
err
}
}
if
!
updated
.
Empty
()
{
return
conf
.
ParseFolder
()
}
return
nil
}
...
...
@@ -1294,7 +1302,7 @@ func (conf *Configuration) AutoUpdateSchemes(interval uint) {
conf
.
scheduler
=
gocron
.
NewScheduler
()
conf
.
scheduler
.
Every
(
uint64
(
interval
))
.
Minutes
()
.
Do
(
func
()
{
if
err
:=
conf
.
u
pdateSchemes
();
err
!=
nil
{
if
err
:=
conf
.
U
pdateSchemes
();
err
!=
nil
{
Logger
.
Error
(
"Scheme autoupdater failed: "
)
if
e
,
ok
:=
err
.
(
*
errors
.
Error
);
ok
{
Logger
.
Error
(
e
.
ErrorStack
())
...
...
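Review bot: UpdateSchemes returns on the first failing `UpdateSchemeManager` call without reaching `conf.ParseFolder()`, so if an earlier scheme in the loop was already updated, the in-memory configuration may stay out of step with what was written, assuming UpdateSchemeManager does not reparse by itself (its body is outside the hunk). I would remember the error, still reparse when `updated` is non-empty, and return the error afterwards, as sketched below. The method is now exported and should get a doc comment, e.g. `// UpdateSchemes updates all schemes and reparses the configuration if anything changed.` Since it can now be called while the job scheduled in AutoUpdateSchemes runs, that comment should also say whether concurrent calls are safe.

```go
func (conf *Configuration) UpdateSchemes() error {
	// … unchanged: initialisation of updated …
	var updateErr error
	for id := range conf.SchemeManagers {
		Logger.WithField("scheme", id).Info("Auto-updating scheme")
		if err := conf.UpdateSchemeManager(id, &updated); err != nil {
			updateErr = err
			break
		}
	}
	if !updated.Empty() {
		if err := conf.ParseFolder(); err != nil {
			return err
		}
	}
	return updateErr
}
```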
server/irmad/cmd/root.go
...
...
@@ -116,7 +116,7 @@ func setFlags(cmd *cobra.Command, production bool) error {
flags
.
String
(
"client-listen-addr"
,
""
,
"address at which server for IRMA app listens"
)
flags
.
Lookup
(
"port"
)
.
Header
=
`Server address and port to listen on`
flags
.
Bool
(
"no-auth"
,
!
production
,
"whether or not to authenticate requestors"
)
flags
.
Bool
(
"no-auth"
,
!
production
,
"whether or not to authenticate requestors
(and reject all authenticated requests)
"
)
flags
.
String
(
"requestors"
,
""
,
"requestor configuration (in JSON)"
)
flags
.
StringSlice
(
"disclose-perms"
,
nil
,
"list of attributes that all requestors may verify (default *)"
)
flags
.
StringSlice
(
"sign-perms"
,
nil
,
"list of attributes that all requestors may request in signatures (default *)"
)
...
...
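Review bot: The help text for `no-auth` still reads as a positive ("whether or not to authenticate requestors") while the flag is a negative, so `--no-auth=true` is easy to misread; the added parenthetical clarifies the second half but not the first. Since the default is `!production`, i.e. authentication is off by default outside production mode, I would phrase it as `"disable requestor authentication; authenticated requests are then rejected"`. setFlags continues outside the hunk.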